2020年,許多美國(guó)人將被賦予一項(xiàng)有力的工具,用于保護(hù)他們?cè)诰W(wǎng)絡(luò)上的隱私。一項(xiàng)覆蓋廣泛的新法律將要求數(shù)百萬(wàn)的企業(yè),向消費(fèi)者告知其所收集的用戶數(shù)據(jù),并在用戶要求下刪除這些數(shù)據(jù)。 這條新法被稱為加州消費(fèi)者隱私保護(hù)法案(CCPA),它將會(huì)打擊網(wǎng)絡(luò)經(jīng)濟(jì),因?yàn)槿绱硕嗟墓尽徽摽萍季揞^還是普通零售商——都依賴定向廣告。如果人們要求這些公司刪除他們的數(shù)據(jù),那么廣告效果就差了。 拿沃爾瑪來(lái)說(shuō),在新法下,它的在線廣告不會(huì)像以往那樣包含個(gè)性化推送,因而它的銷售將會(huì)下滑。又比如谷歌,有可能損失一大塊營(yíng)收,因?yàn)槠胀◤V告與使用個(gè)人數(shù)據(jù)的定向廣告相比,收費(fèi)要低得多。 加州新法正在被其他二十多個(gè)州復(fù)制,因此其效應(yīng)將是巨大的。但前提是在新法于2020年1月1日生效后,人們要使用他們被賦予的新權(quán)利——這就要打個(gè)大大的問(wèn)號(hào),因?yàn)闅W洲自2018年開(kāi)始實(shí)施類似的隱私保護(hù)法,稱為通用數(shù)據(jù)保護(hù)條例(GDPR),但運(yùn)用這一法律的人相對(duì)較少。 “這是件大事嗎?數(shù)千人、數(shù)十萬(wàn)人或者數(shù)百萬(wàn)人會(huì)拿起法律來(lái)用嗎?我們還不知道?!?咨詢企業(yè)德勤公司專注于企業(yè)風(fēng)險(xiǎn)的克里斯·梅說(shuō)。 但對(duì)于受隱私保護(hù)法影響的企業(yè)來(lái)說(shuō),遵守法律的負(fù)擔(dān)卻是實(shí)實(shí)在在的。法律要求企業(yè)為消費(fèi)者提供兩種詢問(wèn)方式,比如在線表格和免費(fèi)電話號(hào)碼,消費(fèi)者籍此詢問(wèn)數(shù)據(jù)和要求刪除個(gè)人數(shù)據(jù)。受加州司法部部長(zhǎng)委托的一份超黨派報(bào)告指出,加州企業(yè)將為此新法支付額外的550億美元費(fèi)用,包括法律咨詢和設(shè)計(jì)費(fèi),對(duì)每家企業(yè)來(lái)說(shuō)是額外的55000美元至200萬(wàn)美元。 由于CCPA是一項(xiàng)加州法律,在加州做生意的大多數(shù)公司都會(huì)受影響。而很少有企業(yè)會(huì)為此而撤離美國(guó)最大的市場(chǎng)。 |
In 2020, many Americans will get a powerful tool to protect their online privacy. A sweeping new law will require millions of businesses to tell consumers what data they have collected about them and, if asked, to delete it. The law, known as the California Consumer Privacy Act (CCPA), could play havoc with the online economy, since so many companies—from tech giants to ordinary retailers—rely on targeted ads. If people demand that companies delete their data, those ads would be less effective. Walmart, for example, could miss out on sales because its online ads wouldn’t be as personalized as before. Google, meanwhile, risks losing a big chunk of its revenue because generic ads command far lower prices than ones targeted using personal data. The effect of California’s law, which is being copied in nearly two dozen other states, could therefore be enormous. But that’s only if people assert their new rights after the law goes into effect on Jan. 1—which is a big “if” considering that relatively few have taken advantage of a similar privacy law in Europe, called GDPR, that was implemented in 2018. “Is this a big deal for thousands or hundreds of thousands or millions of people? We don’t know yet,” says Chris May, who focuses on corporate risk for consulting firm Deloitte. For businesses affected by the privacy rules, however, the burden of complying is very real. Requirements include giving consumers two ways, such as an online form and a toll-free number, to ask for their data and to demand that it be deleted. A nonpartisan report commissioned by California’s attorney general says the state’s businesses will have to spend an extra $55 billion for upfront costs, such as legal advice and engineering, or an extra $55,000 to $2 million for individual firms. While CCPA is a California law, most major companies do business in the state and, as a result, are impacted. Few of them can afford to pull out of the nation’s biggest market. |
少數(shù)企業(yè)為了表達(dá)遵法好意,表示會(huì)自愿在全美50個(gè)州都遵守這一法律,這其中包括微軟和一些小企業(yè),比如位于波士頓的互聯(lián)網(wǎng)服務(wù)提供商Starry。Starry的首席執(zhí)行官洽特·卡諾加說(shuō),到目前為止,只有少數(shù)客戶要求刪除他們的個(gè)人數(shù)據(jù),倒是有數(shù)十人寫(xiě)信稱能有這樣的選擇權(quán),要向公司表示感謝。 其他一些人士,比如美國(guó)商會(huì)的高級(jí)副總裁蒂姆·戴,則對(duì)CCPA新法表示不那么樂(lè)觀。他警告說(shuō),新法將會(huì)使數(shù)以千計(jì)的小企業(yè)陷入困境,比如花店和酒廠。 加州新法豁免了大多數(shù)營(yíng)業(yè)收入少于2500萬(wàn)美元的公司,但對(duì)于擁有至少5萬(wàn)人數(shù)據(jù)的公司——收集客戶信息比如電郵地址的企業(yè),很容易達(dá)到這一門檻——?jiǎng)t需要遵守新法。 “大企業(yè)有能力應(yīng)對(duì),但對(duì)于小企業(yè)來(lái)說(shuō),這是個(gè)極重的負(fù)擔(dān),而小企業(yè)是國(guó)家經(jīng)濟(jì)的支柱?!钡倌贰ご髡f(shuō)。 德勤的克里斯·梅預(yù)測(cè),到后來(lái)許多中小企業(yè)不會(huì)遵守新法,要么出于僥幸逃避受罰的盤算,或者遵法成本大過(guò)處罰金額。加州司法部負(fù)責(zé)從7月1日開(kāi)始執(zhí)行新法,給了新法生效6個(gè)月過(guò)渡期,克里斯·梅認(rèn)為小型花店和酒廠不會(huì)成為主要的執(zhí)法目標(biāo)。司法部拒絕向《財(cái)富》雜志透露執(zhí)法策略的細(xì)節(jié)。 “我們被賦予了執(zhí)法責(zé)任,因而我們將有所作為,盡可能地讓消費(fèi)者和企業(yè)都遵守法律要求?!奔又菟痉ú坎块L(zhǎng)哈維·貝賽拉在一份電子郵件中說(shuō)。 但這些還沒(méi)有最終算數(shù),因?yàn)樯虝?huì)正在游說(shuō)國(guó)會(huì)通過(guò)一項(xiàng)法律地位優(yōu)先于CCPA的聯(lián)邦法律。此前科技企業(yè)也曾經(jīng)試圖這么做,但失敗了,蒂姆·戴說(shuō)商會(huì)的努力或許結(jié)果會(huì)不同,因?yàn)樯虝?huì)想要保存該法律的主要原則,即要求獲取和刪除個(gè)人數(shù)據(jù)的權(quán)利,同時(shí)商會(huì)又側(cè)重于豁免小企業(yè)的遵法義務(wù)。 在國(guó)會(huì),很不尋常的是兩黨一致同意通過(guò)這樣一項(xiàng)法律,當(dāng)然民主黨和共和黨在誰(shuí)負(fù)責(zé)執(zhí)行法律,以及該法律是否應(yīng)該優(yōu)先于州隱私保護(hù)法方面,是有爭(zhēng)議的。許多人認(rèn)為在2020年美國(guó)總統(tǒng)大選前,不會(huì)制定新的法律,但布魯金斯學(xué)會(huì)的隱私保護(hù)專家卡梅倫·克里則相信,美國(guó)對(duì)于隱私保護(hù)的態(tài)度已經(jīng)發(fā)生了劇烈的變化,總統(tǒng)大選前出臺(tái)新法是有可能的。 克里說(shuō),“有這么一種轉(zhuǎn)變,更多的國(guó)會(huì)成員花費(fèi)更多時(shí)間在網(wǎng)絡(luò)上,并擔(dān)心數(shù)據(jù)隱私的復(fù)雜性,會(huì)牽涉到他們的孩子和孫輩。” (財(cái)富中文網(wǎng)) 本文另一版本登載于《財(cái)富》雜志2020年1月刊,標(biāo)題為《加州隱私新法惹風(fēng)波》。 譯者:宣峰 |
To create goodwill, a handful of big companies, like Microsoft, and small ones, including Boston-based Internet service provider Starry, have said they would voluntarily comply with the new law in all 50 states. So far, Starry CEO Chet Kanojia says, only a handful of customers have asked for their data to be deleted, while several dozen more have written to thank the company for giving them the option to do so. Others, like Tim Day, a senior vice president at the U.S. Chamber of Commerce, are less sanguine about CCPA. He warns that the law will ensnare thousands of smaller enterprises, such as florists and wineries. California’s law exempts most firms with less than $25 million in sales. But companies that have data for at least 50,000 people—a threshold that’s easily reached for businesses that collect customer email addresses, for instance—are subject to new rules. “Large businesses have the capacity to figure this out, but it’s an extreme burden for small ones, which are the backbone of this nation’s economy,” says Day. As a result, Deloitte’s May predicts that many small and midsize companies may not comply with the law, calculating that they won’t be punished or that any penalty will be cheaper than jumping through CCPA’s hoops. California’s Justice Department is tasked with enforcing the law, starting July 1, following a six-month grace period, and May suggests it’s unlikely that small florists and wineries will be top targets. The agency declined to provide details about its enforcement strategy to Fortune. “We were given the responsibility to enforce, and so that’s what we’re going to do, working as much as we can with consumers and businesses to make sure they’re complying with the law,” California Attorney General Xavier Becerra says in an email. This may not be the final word, however, because the Chamber of Commerce is lobbying Congress to pass a federal law to preempt CCPA. An earlier attempt by the tech industry fell short, but Day says the Chamber’s push is different in that the organization wants to preserve the law’s broad principles, notably the right to demand and delete most personal data, while doing more to spare smaller businesses. In Congress, there has been unusual bipartisan agreement to pass such a law, although Democrats and Republicans disagree about who should enforce it and whether it should preempt state privacy laws. While many think new legislation is unlikely until after the 2020 presidential election, Cameron Kerry, a privacy expert at the Brookings Institution, believes U.S. attitudes about privacy have changed so dramatically that a law may pass before then. Says Kerry: “There’s been a shift as more members of Congress spend more time online and worry about the implications of data privacy for their children and grandchildren.” A version of this article appears in the January 2020 issue of Fortune with the headline “California Sets Off Privacy Scramble.” |